From 62b7dab15c1eb17da14c4ca7d7f90b7ed9a85cdd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E2=A7=89=20infominer?= Date: Tue, 3 Oct 2023 03:19:10 -0400 Subject: [PATCH] maintenance --- _data/standards.csv | 2 +- _pages/tags/organization.md | 7 +++++++ _posts/government/europe/2020-01-06-eIDAS.md | 14 ++++++++++++++ .../europe/2023-06-09-united-kingdom.md | 2 +- _posts/government/usa/2020-11-01-dhs.md | 2 +- _posts/organizations/2020-10-11-hyperledger.md | 15 +++++++++++++++ .../2023-09-29-VC-Data-Integrity_BBS+.md | 2 +- unsorted/next/scotland-uk.md | 10 +++++++++- 8 files changed, 49 insertions(+), 5 deletions(-) create mode 100644 _pages/tags/organization.md diff --git a/_data/standards.csv b/_data/standards.csv index ab91eb56..503b7a47 100644 --- a/_data/standards.csv +++ b/_data/standards.csv @@ -481,7 +481,7 @@ Linked Data,WebofTrustInfo,,,"Manu Sporny, Harlan Wood, Noah Thorp, Wayne Vaughn Linked Data,WebofTrustInfo,,,"Ganesh Annan, Kim Hamilton Duffy",,,,,rwot7-toronto,Resource Integrity Proofs,"Cryptographic linking provides discoverability, integrity, and scheme agility
Contributors: Manu Sporny, Dave Longley, David Lehn, and Bohdan Andriyiv
Currently, the Web provides a simple yet powerful mechanism for the dissemination of information via links. Unfortunately, there is no generalized mechanism that enables verifying that a fetched resource has been delivered without unexpected manipulation. Would it be possible to create an extensible and multipurpose cryptographic link that provides discoverability, integrity, and scheme agility?
Cryptographic linking solutions today have yet to provide a generalized mechanism for creating tamper-evident links. The Subresource Integrity standard limits this guarantee to script and link resources loaded on Web pages via the use of HTML attributes. IPFS provides a verification mechanism that is constrained to hash-based, content-addressable links, with no ability to complete content negotiation. RFC6920 proposes another mechanism that cannot be applied to existing links: it recommends the use of named information hashes and a resolution method that creates a content addressable URL [1]. Resource Integrity Proofs incorporates ideas from these standards and solutions to provide a new data format for cryptographic links that is fit for the open world.",,https://github.com/WebOfTrustInfo/rwot7-toronto/blob/master/final-documents/resource-integrity-proofs.md,,Paper,,,Main,,,,,,,,2018-12-12,,,,,,,,,,,,, Linked Data,WebofTrustInfo,,,,,,,,rwot6-santabarbera,Recent happenings with Linked Data Capabilities,"Veres One's architecture has been adjusted to take full advantage of Linked Data Capabilities as its primary mechanism for granting authority to perform operations on the ledger as well as on DID Documents. permission to update key materials can be conditionally handed out to an entity (or entities) and later revoked if deemed appropriate using Linked Data Capabilities' design.
As for ledger updates, Accelerators also make use of Linked Data Capabilities. To prevent spamming the ledger, the costs of an update must somehow be accounted for. The traditional way to do this on a blockchain is to use proof of work, and this is also an option in Veres One, but for those use cases where expending time and energy on proof of work is less desirable users can use an ""accelerator"".
An accelerator is an entity that has been granted a capability to perform updates on the ledger more quickly. Accelerators may likewise take advantage of Linked Data Capabilities' support for delegation, with or without caveats.",,https://github.com/WebOfTrustInfo/rwot6-santabarbara/blob/master/topics-and-advance-readings/ld-ocap-recent-happenings.md,,Paper,,,Main,,,,,,,,2018-03-02,,,,,,,,,,,,, Linked Data,WebofTrustInfo,,,,,,,,rwot4-paris,LD Signature Format Alignment,"The goal of the ""LD Signature Format Alignment"" Working Group at Rebooting the Web of Trust IV was to investigate the feasibility and impact of the proposed 2017 RSA Signature Suite spec, which brings JSON-LD signatures into alignment with the JOSE JSON Web Signature (JWS) standards.The 2017 RSA Signature Suite is based on RFC 7797, the JSON Web Signature (JWS) Unencoded Payload Option specifcation. This approach avoids past concerns about JWT raised in the LD signature adopters, including:•Increased space consumption associated withbase-64 encoding.•Difculty of nesting or chaining signatures, leading to data duplication.•Use of a format that is not a JSON object, preventing ability to rely exclusively on a JSON document-based storage engine (whilepreserving the signature)",,https://nbviewer.jupyter.org/github/WebOfTrustInfo/rwot4-paris/blob/master/final-documents/ld-signatures.pdf,,Paper,,,Main,,,,,,,,2017-08-18,,,,,,,,,,,,, -"Linked Data, Object Capabilities",CCG,,,,,,,,,Authorization Capabilities for Linked Data v0.3,"Authorization Capabilities for Linked Data (ZCAP-LD for short) provides a secure way for linked data systems to grant and express authority utilizing the object capability model. Capabilities are represented as linked data objects which are signed with Linked Data Proofs. ZCAP-LD supports delegating authority to other entities on the network by chaining together capability documents. 
""Caveats"" may be attached to capability documents which may be used to restrict the scope of their use, for example to restrict the actions which may be used or providing a mechanism by which the capability may be later revoked.

[...] Relationship to Verifiable Credentials [...]

We seem to be in a conundrum. Claims and credentials are forms of correlation that allow us to reason about an entity in our squishy human world, but are unsafe when used as mechanisms to authorize some event to occur within a system. Capabilities are a safe mechanism to model the flow of authority through a system, but there are times when capabilities have not been granted and we need to make a ""judgement call"" by correlating information about that entity. What should we do?

To pose the question is to see the answer: the right approach is to use each system for what it does best. Use correlation (Verifiable Credentials) in a reasoning system (most commonly human reasoning) as a path to make judgements about whether to hand an entity a specific set of initial capabilities. Use capabilities (ZCAP-LD) as the mechanism to grant and exercise authority through computing systems. To return to our system administrator example, when Alice applies for the job, she submits a series of credentials about her prior work history and degree, and Eva is able to verify that it is Alice's former employers and university which have made these claims. Deciding that Alice is fit for the job, Eva hands Alice her initial capability which grants her authority to administrate the systems in question (with a caveat that allows Eva to revoke that authority at a future date, if appropriate). Alice uses that capability as the initial entry point into administrating the system. ",,https://w3c-ccg.github.io/zcap-spec/,,Specification,,,"Main, Literature",,,,,,,Credentials Community Group,2023-01-22,https://github.com/w3c-ccg/zcap-spec,,,,,,,,,,,, +"Linked Data, Object Capabilities",CCG,,,,,,,,,Authorization Capabilities for Linked Data v0.3,"Authorization Capabilities for Linked Data (ZCAP-LD for short) provides a secure way for linked data systems to grant and express authority utilizing the object capability model. Capabilities are represented as linked data objects which are signed with Linked Data Proofs. ZCAP-LD supports delegating authority to other entities on the network by chaining together capability documents. ""Caveats"" may be attached to capability documents which may be used to restrict the scope of their use, for example to restrict the actions which may be used or providing a mechanism by which the capability may be later revoked.

[...] Relationship to Verifiable Credentials [...]

We seem to be in a conundrum. Claims and credentials are forms of correlation that allow us to reason about an entity in our squishy human world, but are unsafe when used as mechanisms to authorize some event to occur within a system. Capabilities are a safe mechanism to model the flow of authority through a system, but there are times when capabilities have not been granted and we need to make a ""judgement call"" by correlating information about that entity. What should we do?

To pose the question is to see the answer: the right approach is to use each system for what it does best. Use correlation (Verifiable Credentials) in a reasoning system (most commonly human reasoning) as a path to make judgements about whether to hand an entity a specific set of initial capabilities. Use capabilities (ZCAP-LD) as the mechanism to grant and exercise authority through computing systems. To return to our system administrator example, when Alice applies for the job, she submits a series of credentials about her prior work history and degree, and Eva is able to verify that it is Alice's former employers and university which have made these claims. Deciding that Alice is fit for the job, Eva hands Alice her initial capability which grants her authority to administrate the systems in question (with a caveat that allows Eva to revoke that authority at a future date, if appropriate). Alice uses that capability as the initial entry point into administrating the system. ",,https://w3c-ccg.github.io/zcap-spec/,,Specification,,,"Main",,,,,,,Credentials Community Group,2023-01-22,https://github.com/w3c-ccg/zcap-spec,,,,,,,,,,,, Linked Data,WebofTrustInfo,,,,,,,,,Java implementation of Linked Data Signatures,This is an implementation of the following cryptographic suites for Linked Data Proofs:
Ed25519Signature2018
Ed25519Signature2020
EcdsaSecp256k1Signature2019
RsaSignature2018
JsonWebSignature2020
JcsEd25519Signature2020
JcsEcdsaSecp256k1Signature2019,,https://github.com/WebOfTrustInfo/ld-signatures-java,,Code,,,Implementation,,,,,,,,2023-05-13,,,,,,,,,,,,, Linked Data,CCG,,,,,,,,,Linked Data Keys Registry,This repository contains the Linked Data Cryptographic Suite Registry which is a list of all known Linked Data cryptographic suites and their current level of maturity.,,https://github.com/w3c-ccg/ld-cryptosuite-registry,,registry,,,Implementation,,,,,,,Credentials Community Group,2020-12-29,,,,,,,,,,,,, Linked Data,DigitalBazaar,,,,,,,,,Linked Data Capabilities reference implementation,JavaScript reference implementation for Authorization Capabilities.,,https://github.com/digitalbazaar/ocapld.js,,Code,,,Implementation,,,,,,,,2023-01-14,,,,,,,,,,,,, diff --git a/_pages/tags/organization.md b/_pages/tags/organization.md new file mode 100644 index 00000000..81fee805 --- /dev/null +++ b/_pages/tags/organization.md @@ -0,0 +1,7 @@ +--- +title: 'Protocols: Posts Grouped by Tag' +layout: section +permalink: tags/organization/ +canonical_url: 'https://decentralized-id.com/tags/organization/' +section: organization +--- diff --git a/_posts/government/europe/2020-01-06-eIDAS.md b/_posts/government/europe/2020-01-06-eIDAS.md index 2640c48b..ccb67a2e 100644 --- a/_posts/government/europe/2020-01-06-eIDAS.md +++ b/_posts/government/europe/2020-01-06-eIDAS.md 
@@ -56,6 +56,20 @@ last_modified_at: 2023-06-08 > The European Commission developed the [SSI (Self-Sovereign Identity) eIDAS bridge](https://joinup.ec.europa.eu/collection/ssi-eidas-bridge), an ISA2 funded initiative, to promote eIDAS as a trust framework for the SSI ecosystem. It assists a VC (Verifiable Credential) issuer in the signing process, and helps the verifier to automate the identification of the organization behind the issuer’s DID (Decentralized Identifier) ## eIDAS 2.0 +- [eIDAS 2.0. Moving Closer - European Digital Identity Wallet (EDIW) and Pilot Implementation](https://utimaco.com/news/blog-posts/eidas-20-moving-closer-european-digital-identity-wallet-ediw-and-pilot) 2023-06-07 Utimaco + > **Large-Scale Pilots**\ + > Before its implementation in the Member States, the European Digital Identity Wallet will be assessed in four large-scale initiatives. These projects aim to evaluate digital identity wallets in real-world scenarios covering numerous sectors. There will be participation from more than 250 private companies and government agencies from 25 Member States as well as Norway, Iceland, and Ukraine. + > + > The four pilot projects that commenced on 1st April 2023 are as follows: + > 1. Potential + > - Piloting the use of EUDI wallets for the authorization of payments for products and services by the wallet user/ holder. This includes accessing a digital public service (for example, when trailing to another Member State, a requirement for proof of identity or a necessity to obtain medical prescriptions) and opening bank accounts. + > - Use of the EUDI wallet will also include the necessary requirement for signing contracts online, where a secure digital signature is provided. + > 2. NOBID + > - The NOBID Consortium is developing a large-scale pilot to prepare, implement and test the EU Digital Identity Wallet. This will involve several banks for the authorization of payments for products and services. 
They aim to address the issuance of wallets, means of payment by financial institutions and acceptance of retail payments. + > 3. DC4EU (Digital Credentials for Europe) + > - The pilot of the wallet across the education sector (by securing education credentials) and the Social Security domain. This will be achieved by deploying and accessing European interoperable digital service infrastructures, including integration, by applying the eIDAS cross-border framework. + > 4. EUWC (EU Digital Identity Wallet Consortium) + > - Storing and presenting Digital Travel essentials within the wallet, enabling cross-border movement within Europe. Further scope to include business digital identity wallets as well as storage of payment credentials to authorize account-to-account based transactions. - [eIDAS 2.0 - Introduction to The European Digital Identity Wallet & The Evolution of Self-Sovereign Identity](https://utimaco.com/current-topics/blog/eidas-2-the-european-digital-identity-wallet) 2022-08-18 > Until now, the [eIDAS regulation](https://www.legislation.gov.uk/eur/2014/910/contents) has only focused on online identification. However, the new proposal – eIDAS 2.0 – aims to extend identity to the world of physical services which can be accessed from anywhere around the globe. * [EIDAS 2.0 Turns To Self-Sovereign Identification To Bring Users Ownership And Control](https://www.forbes.com/sites/alastairjohnson/2022/07/05/eidas-20-turns-to-self-sovereign-identification-to-bring-users-ownership-and-control/?sh=853aa7f7f07e) 2022-07-05 Forbes diff --git a/_posts/government/europe/2023-06-09-united-kingdom.md b/_posts/government/europe/2023-06-09-united-kingdom.md index eb8dd705..9de3e782 100644 --- a/_posts/government/europe/2023-06-09-united-kingdom.md +++ b/_posts/government/europe/2023-06-09-united-kingdom.md 
@@ -9,7 +9,7 @@ canonical_url: https://decentralized-id.com/government/europe/united-kingdom/ categories: ["Government"] tags: ["Policy","Europe","UK","NHS","Digital Staff Passport","Real World"] last_modified_at: 2023-06-09 -toc: false +toc: true --- ## Government diff --git a/_posts/government/usa/2020-11-01-dhs.md b/_posts/government/usa/2020-11-01-dhs.md index 7c225c55..030fa40d 100644 --- a/_posts/government/usa/2020-11-01-dhs.md +++ b/_posts/government/usa/2020-11-01-dhs.md @@ -1,6 +1,6 @@ --- date: 2020-11-01 -title: US Department Homeland Security (DHS) +title: US Department Homeland Security (DHS) S&T Silicon Valley Innovation Program (SVIP) description: The United States Department Homeland Security has been the source of a considerable amount of funding for effort to create next-gen decentralized id infrastructure. excerpt: "The DHS Science and Technology Directorate (S&T) Silicon Valley Innovation Program (SVIP) is keeping pace with the innovation community to tackle the hardest problems faced by DHS and the Homeland Security Enterprise. SVIP expands DHS S&T’s reach to find new technologies that strengthen national security with the goal of reshaping how government, entrepreneurs, and industry work together to find cutting-edge solutions." permalink: /government/usa/dhs/ diff --git a/_posts/organizations/2020-10-11-hyperledger.md b/_posts/organizations/2020-10-11-hyperledger.md index d3916505..b0222e4f 100644 --- a/_posts/organizations/2020-10-11-hyperledger.md +++ b/_posts/organizations/2020-10-11-hyperledger.md 
@@ -78,6 +78,12 @@ header: > We hope to accumulate links here that talk to all Identity Standards work. Short updates form this will be used in the paper. ### Application +* [#HyperledgerIdentity round-up: A cross section of production digital identity solutions built using Hyperledger technologies](https://www.hyperledger.org/blog/2022/09/28/hyperledgeridentity-round-up-a-cross-section-of-production-digital-identity-solutions-built-using-hyperledger-technologies) 2022-09-28 Hyperledger + * IBM Digital Health Pass (Fabric) + * Indicio Network (Aries, Ursa) + * IDUnion (Indy) + * NHS Digital Staff Passport (Sovrin: Indy, Ursa, Aries) + * OrgbookBC (Indy, Aries, Ursa) * [Hyperledger Identity Vendors](https://www.hyperledger.org/vendor_level/identity-management) * [TrustID: A New Approach to Fabric User Identity Management](https://www.hyperledger.org/blog/2020/04/21/trustid-a-new-approach-to-fabric-user-identity-management) 2020-04-21 > We developed TrustID to ease the management of identities for the case of TrustOS. Users shouldn’t need to hold a different set of credentials for each network or decentralized application they interact with. The same credentials used to access your owned Bitcoins and manage your tokens in Ethereum should let you update the state of a Fabric asset or launch a secondary market in TrustOS. 
@@ -115,6 +121,15 @@ header: ## Hyperledger Global Forum +* [#HyperledgerIdentity round-up: A cross section of production digital identity solutions built using Hyperledger technologies](https://www.hyperledger.org/blog/2022/09/28/hyperledgeridentity-round-up-a-cross-section-of-production-digital-identity-solutions-built-using-hyperledger-technologies) 2022-09-28 Hyperledger + > updates from Hyperledger Global Forum + > - [Bringing Trustworthiness in Industrial Device Lifecycle using Verifiable Credentials](https://sched.co/14H61) Marquart Franz & Saad Bin Shams, Siemens AG + > - [Findy Agency — Highway to Verified Data Networks](https://sched.co/14H5g) – Laura Vuorenoja & Harri Lainio, OP Financial Group + > - [Digital Identity Using the vLEI](https://sched.co/14H6n) – Christoph Schneider, Global Legal Entity Identifier Foundation (GLEIF) + > - [Blockchain, Biometrics and Geo-Location: Lessons Learned from the Implementation of Innovative Technologies at the United Nations Joint Staff Pension Fund](https://sched.co/14H5m) – Dino Cataldo Dellaccio, United Nations Joint Staff Pension Fund & Shashank Rai, United Nations International Computing Centre (UNICC) + > - [Hosted Discussion: Rhode Island Leads on Digital Identity Solutions with Hyperledger](https://sched.co/14H6e) – Liz Tanner, State of Rhode Island & Jim Mason, DTCC + > - [Last Mile Problem in Self-Sovereign Identity – Biometric Authentification and Device Independent Wallet for Hyperledger Indy](https://sched.co/14H4u) – Non Kawana & Ken Naganuma, Hitachi, Ltd. 
+ > - [Workshop: How To Build a Self-Sovereign Identity Agent With Hyperledger Aries Framework JavaScript](https://sched.co/15Bid) – Timo Glastra & Berend Sliedrecht, ANIMO & Jakub Koci, ABSA * [Hyperledger Forum Recap – Identity Proofing, and Passwordless User-friendly Digital Identity](https://idramp.com/hyperledger-forum-recap-identity-proofing-and-passwordless-user-friendly-digital-identity/) 2021-07-02 > IdRamp CEO, Mike Vesey presented with Mark Rakhmilevich, Senior Director, Blockchain Product Management at Oracle. In their session, titled “Identity Proofing Solution Combining HL Indy and Fabric”, Mike and Mark presented the benefits and ease of integrating an identity proofing solution based on Hyperledger Indy, Hyperledger Fabric, while leveraging the Oracle blockchain and how using two separate distributed ledgers makes the solution stronger. * [Hyperledger Global Forum 2018]({% link _posts/events/2019-03-16-Hyperledger-Global-Forum-2018.md %}) diff --git a/_posts/web-standards/DIDs-and-VCs/2023-09-29-VC-Data-Integrity_BBS+.md b/_posts/web-standards/DIDs-and-VCs/2023-09-29-VC-Data-Integrity_BBS+.md index 2e7ec104..9f91452b 100644 --- a/_posts/web-standards/DIDs-and-VCs/2023-09-29-VC-Data-Integrity_BBS+.md +++ b/_posts/web-standards/DIDs-and-VCs/2023-09-29-VC-Data-Integrity_BBS+.md 
@@ -46,7 +46,7 @@ last_modified_at: 2023-09-29 * [Why the Verifiable Credentials Community Should Converge on BBS+](https://www.evernym.com/blog/bbs-verifiable-credentials/) 2021-03-24 Evernym > BBS+ LD-Proofs use JSON-LD schemas, so credentials that use them can have a rich, hierarchical set of attributes. Instead of the heavy-handed mechanism for the encoding and canonicalization of attributes values that we’d imagined for Rich Schemas, they use RDF canonicalization and a hash function. Rather than expanding the credential definition, they discarded it, taking advantage of some properties of BBS+ keys which allow for deterministic expansion. -### Development +## Development * [Code] [jsonld-signatures-bbs](https://www.npmjs.com/package/@mattrglobal/jsonld-signatures-bbs) 2022-12-18 Mattr Global, NPMJS > The following repository contains a linked data proof implementation for creating BBS+ Signatures using BLS12-381 key pairs. > diff --git a/unsorted/next/scotland-uk.md b/unsorted/next/scotland-uk.md index a3214e82..b14601b8 100644 --- a/unsorted/next/scotland-uk.md +++ b/unsorted/next/scotland-uk.md 
@@ -13,4 +13,12 @@ published: false > The [Smart Entitlements](https://blogs.gov.scot/digital/wp-content/uploads/sites/5/2020/10/Smart-Entitlements-Research-Recommendations-and-Report-for-the-Scottish-Government-FINAL.pdf) concept is very simple. Its goal is to create a common, easy approach for citizens to access public services that is consistent across multiple service providers. To achieve this, it provides citizens with the ability to store their personal information in an Attribute (or personal data) Store which they own and control. * [The keystone foundation companion to the Blockchain is Digital Identity](https://scottishblockchain.net/transforming-education-blockchain-ssi/) DigitalScot > The building block of digital identity ecosystems are ‘[verifiable credentials](https://www.slideshare.net/SSIMeetup/verifiable-credentials-101-for-ssi-and-decentralized-digital-identity-tyler-ruff)‘, the core mechanics for forming these ecosystems through sharing Identity data between collaborating partners, exemplified by initiatives such as the [EU’s recent announcement](https://apnews.com/article/europe-health-coronavirus-pandemic-lifestyle-travel-73f90d18909c595da463994e16e17348) and explained here by the OIX Identity forum. - +* [Digital Identity Scotland](https://blogs.gov.scot/digital/wp-content/uploads/sites/5/2019/05/Digital-Identity-Scotland-Attribute-Standards-31-May-2019.pdf) 2019-05 Scotish Government + > Digital Identity Scotland (DIS) is a programme being run by the Scottish Government to develop a common approach to digital identity for Scottish digital public services. + > + > From the outset the programme stated the following objectives: + > 1. To develop a common approach to online identity assurance and authentication for access to public services, that supports the landscape and direction for digital public services delivery. + > 2. 
To develop a solution that is designed with and for members of the public (service users) and that stakeholders can support. + > 3. To develop a solution that works: is safe, secure, effective, proportionate, easy to use, and accessible; and forms part of public sector digital services. + > 4. To develop a solution where members of the public can be confident that their privacy is being protected. + > 5. To develop a solution that brings value for money and efficiencies in the delivery of digital public services \ No newline at end of file
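
Review bot: In the `_data/standards.csv` hunk, the rewritten ZCAP-LD row changes the tag field from "Main, Literature" to "Main", and nothing in the commit message explains why; confirm the Literature tag is meant to be dropped, since the only other change to the row is joining the "Caveats" sentence onto the first line of the description. The description also still ends with a trailing space before its closing quote ("administrating the system. "), which could be trimmed while the row is being touched.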
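
Review bot: In the new file `_pages/tags/organization.md`, the front matter title is 'Protocols: Posts Grouped by Tag' while `permalink`, `canonical_url` and `section` all say organization, so the title looks like a leftover from another tag page. Suggest changing it to match the section, for example 'Organization: Posts Grouped by Tag'.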
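
Review bot: In the eIDAS 2.0 hunk of `_posts/government/europe/2020-01-06-eIDAS.md`, the quoted excerpt under "1. Potential" contains "when trailing to another Member State", which reads as a typo for "travelling"; check it against the Utimaco post and correct it if the error was introduced when copying. The new entry also starts with `- ` while the context lines below it use both `- ` and `* ` for sibling entries, so settling on one list marker here would keep the section consistent.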
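
Review bot: In `_posts/government/usa/2020-11-01-dhs.md`, the new title narrows the page to "S&T Silicon Valley Innovation Program (SVIP)" while the `description` line and the permalink `/government/usa/dhs/` still describe DHS as a whole. If the page is now SVIP-specific, update the description to match; the title could also read "Department of Homeland Security" while it is being edited.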
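
Review bot: In the second hunk of `_posts/organizations/2020-10-11-hyperledger.md` (under "## Hyperledger Global Forum"), the "#HyperledgerIdentity round-up" entry repeats the same title and URL that the previous hunk adds under "### Application", so the page now lists one post twice. Suggest keeping a single entry, or giving each one a distinct label that says which part of the post it covers. The two copies also format their sub-items differently (nested `*` bullets in the first, `> -` quoted bullets in the second); the quoted form matches the excerpt style visible in the context lines.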
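
Review bot: In `unsorted/next/scotland-uk.md`, the added entry credits "Scotish Government", which should be "Scottish Government". The date is given as "2019-05" although the linked PDF filename carries 31-May-2019 and the other entries added in this patch use full YYYY-MM-DD dates. The file also still ends without a trailing newline (the "\ No newline at end of file" marker follows the new last line), and objective 5 is the only list item without a closing period.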